Phishing Scams Targeting the UMN

Tuesday, July 1, 2014

Symantec reports about a new phishing scam that sets up a phishing form that looks like a google sign-in in a google drive document.

"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages."

NOTE:

* If you get an unexpected document from an unknown (or unlikely) collaborator, be suspicious

* IF you are already logged in Google in your browser a Google doc should NOT redirect you to a login form.

* When UMN Google Apps DO direct you to a login page - they should always include UMN branding.